Photo by Chris Ried on Unsplash
Use pip and pipenv with self signed SSL certificates
Using pip and pipenv behind a corporate proxy with self signed SSL
If you work in a cooperate environment, you may be working behind proxies and SSL traffic may be signed by self-signed certificates. This may cause problems while working with pip
and especially with pipenv
. With current versions of pip
, it is possible to ignore SSL errors using the following example command [1].
$ pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package_name>
--trusted-host
flag disables SSL checking, this will cause a potential security risk if you are not in such network, like working at home.I found that --trusted-host
flag doesn't work as expected while working with pipenv
. There are some records about this issue [2, 3]. Even with the flag, pip
throws errors when invoked by pipenv
in my setup.
Solution
For me, setting REQUESTS_CA_BUNDLE
environment variable prior to calling pipenv
solves the problem. (I found the solution on the Stack Overflow but I can't remember the link). Of course, the certificate file pointed by the varible should include the self signed certificate.
Ubuntu
I tested on Ubuntu 16.04 but this may work on all Debian and Ubuntu derived distros.
$ export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
CentOS
I tested on CentOS 7.8 but this may work on all RedHat derived distros.
$ export REQUESTS_CA_BUNDLE=/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt